Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Critical Security Advisories
Loading...
Critical
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1wZ3BqLXY4NXEtaDVmbc4AA4kU
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalationEcosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 3 months ago
GSA_kwCzR0hTQS1xbXA5LTJ4d2otbTZtOc4AA4ie
Blind SQL injection in shopwareEcosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 3 months ago
Critical
Ecosystems: pypi, maven
Packages: apache-iotdb, org.apache.iotdb:iotdb-core
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 3 months ago
GSA_kwCzR0hTQS1yeGdnLTI3M3ctcmZ3N84AA4c9
Remote Code Execution vulnerability in Apache IoTDB via UDFEcosystems: pypi, maven
Packages: apache-iotdb, org.apache.iotdb:iotdb-core
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 3 months ago
Critical
Ecosystems: npm
Packages: @clerk/nextjs
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 3 months ago
GSA_kwCzR0hTQS1xNnc1LWpnNXEtNDd2Z84AA4bF
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)Ecosystems: npm
Packages: @clerk/nextjs
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 3 months ago
Critical
Ecosystems: go
Packages: github.com/gofiber/template/django/v3
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 3 months ago
GSA_kwCzR0hTQS00bXEyLWdjNGotY213Ns4AA4Y6
Django Template Engine Vulnerable to XSSEcosystems: go
Packages: github.com/gofiber/template/django/v3
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 3 months ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access ControlEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Critical
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS13cWNjLXFmNjMtYzJ4NM4AA4Vv
WWBN AVideo Insufficient Entropy vulnerbailityEcosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
Ecosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5, github.com/go-git/go-git/v4
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 3 months ago
GSA_kwCzR0hTQS00NDlwLTNoODktcHc4OM4AA4Vg
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clientsEcosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5, github.com/go-git/go-git/v4
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: aries-cloudagent
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 3 months ago
GSA_kwCzR0hTQS05N3g5LTU5cnYtcTVwbc4AA4Tl
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VCEcosystems: pypi
Packages: aries-cloudagent
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 3 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1yajdwLXhqdjctNzIyOc4AA4Qj
XWiki Remote Code Execution Vulnerability via User RegistrationEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 4 months ago
GSA_kwCzR0hTQS1mOG1wLXg0MzMtNXdwZs4AA4Lh
Arbitrary remote code execution within `wrangler dev` Workers sandboxEcosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 4 months ago
GSA_kwCzR0hTQS05eGc5LWhoNDUteGNtNs4AA4LL
Apache InLong Manager Remote Code Execution vulnerabilityEcosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
GSA_kwCzR0hTQS1qNWg5LTlyMzktNDNxNc4AA4K-
PaddlePaddle command injection in get_online_pass_intervalEcosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
GSA_kwCzR0hTQS0zY3I1LTI0NDYtOHBnM84AA4Kt
PaddlePaddle command injection in convert_shape_compareEcosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
GSA_kwCzR0hTQS1yZjdwLTc5eHEtOHh3bc4AA4LC
PaddlePaddle command injection in _wget_downloadEcosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
Critical
Ecosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 4 months ago
GSA_kwCzR0hTQS13amM0LTczcTYtZ3Yzbc4AA4Ki
plotly.js prototype pollution vulnerabilityEcosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 4 months ago
GSA_kwCzR0hTQS00OWpwLWNnaGMtcDVwas4AA4HF
JeecgBoot server-side template injectionEcosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 4 months ago
GSA_kwCzR0hTQS1mcjI5LXc2ajQtNTI1Zs4AA4HB
Jeecg Boot SQL InjectionEcosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 4 months ago
GSA_kwCzR0hTQS01djlyLTc4OGMtd2M4cM4AA4G-
Jeecg Boot SQL injection vulnerabilityEcosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 4 months ago
Critical
Ecosystems: maven
Packages: com.github:hyavijava
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS14aGd4LTc5NzQtYzh2Ns4AA4C7
hyavijava stack overflow vulnerabilityEcosystems: maven
Packages: com.github:hyavijava
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
Ecosystems: npm
Packages: bsock
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 4 months ago
GSA_kwCzR0hTQS1qajkzLTM5cGYtN21jZs4AA39a
bsock uses weak hashing algorithmsEcosystems: npm
Packages: bsock
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 4 months ago
GSA_kwCzR0hTQS01OXYzLTg5OHItcXdoas4AA37g
MLflow Server-Side Request Forgery (SSRF)Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 4 months ago
GSA_kwCzR0hTQS1oaDhwLXA4bXAtZ3Fobc4AA37i
MLFlow Path Traversal VulnerabilityEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 4 months ago
GSA_kwCzR0hTQS0zODYzLTI0NDctNjY5cM4AA35m
transformers has a Deserialization of Untrusted Data vulnerabilityEcosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 4 months ago
Critical
Ecosystems: npm
Packages: tts-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS1qeDZxLWZxOWgtNmc3cc4AA35v
Pedroetb TTS-API OS Command InjectionEcosystems: npm
Packages: tts-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1xajg2LXA3NHItN3dwNc4AA32-
Remote code execution/programming rights with configuration section from any user accountEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1jcDNqLTI3M3gtM2p4Y84AA329
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClassEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS03NjU0LXZmaDYtcnc2eM4AA328
Remote code execution from account through SearchAdminEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.apache.streampark:streampark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1xZzQ0LXhxd2otd2MyOM4AA32H
Apache StreamPark: Authenticated system users could trigger remote command executionEcosystems: maven
Packages: org.apache.streampark:streampark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 4 months ago
GSA_kwCzR0hTQS05N3J2LTg4Z2YtcGh2cs4AA3yx
Apache Dubbo: Bypass deny serialize list check in Apache DubboEcosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 4 months ago
GSA_kwCzR0hTQS01NTR3LXhoNGotOHc2NM4AA3yh
Path traversal in MLflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 4 months ago
Critical
Ecosystems: npm
Packages: @spscommerce/ds-react
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS1jZnhoLWZyeDQtOWdqZ84AA3yd
Cross-site Scripting in @spscommerce/ds-reactEcosystems: npm
Packages: @spscommerce/ds-react
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 4 months ago
GSA_kwCzR0hTQS1ncXZmLTNoZ3AtNWh4ds4AA3xA
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerabilityEcosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 4 months ago
GSA_kwCzR0hTQS1ncXJxLWo2cG0tOThjMs4AA3w5
External Control of File Name or Path in h2oai/h2o-3Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 4 months ago
GSA_kwCzR0hTQS02bWpnLTM3Y3AtNDJ4Nc4AA3ul
Improper Privilege Management in sap-xssecEcosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 4 months ago
Critical
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1tOHJ3LXJjcHEtMnZwMs4AA3uk
Improper Privilege Management in github.com/sap/cloud-security-client-goEcosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
Ecosystems: maven
Packages: com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:spring-security, com.sap.cloud.security:java-security
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 months ago
GSA_kwCzR0hTQS01OWM5LXB4cTgtOWM3M84AA3uj
Improper JWT Signature Validation in SAP Security Services LibraryEcosystems: maven
Packages: com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:spring-security, com.sap.cloud.security:java-security
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 months ago
Critical
Ecosystems: actions
Packages: afichet/openexr-viewer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS05OWpnLXIzZjQtcnB4as4AA3ss
memory overflow vulnerability in OpenEXR-viewerEcosystems: actions
Packages: afichet/openexr-viewer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
Ecosystems: maven
Packages: com.sap.cloud.security:spring-security, com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:java-security
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 months ago
GSA_kwCzR0hTQS1nY2d3LXE0N20tcHJ2as4AA3r5
Improper JWT Signature Validation in SAP Security Services LibraryEcosystems: maven
Packages: com.sap.cloud.security:spring-security, com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:java-security
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 months ago
Critical
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS05MmNnLWdocTYtOTU4N84AA3r1
Privilege escalation in sap/cloud-security-client-goEcosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 4 months ago
GSA_kwCzR0hTQS1wOTloLXBmZzYtcXJmZ84AA3r0
Privilege escalation in sap-xssecEcosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 4 months ago
Critical
Ecosystems: npm
Packages: @sap/xssec
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 4 months ago
GSA_kwCzR0hTQS1wMnZ4LXFqNjYtODhxM84AA3rz
Escalation of privileges in @sap/xssecEcosystems: npm
Packages: @sap/xssec
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 4 months ago
Critical
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 4 months ago
GSA_kwCzR0hTQS01bW1yLTlxeDMtM3BmOc4AA3pb
Code execution in evershopEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 4 months ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 5 months ago
GSA_kwCzR0hTQS0yajM5LXFjam0tNDI4d84AA3mt
Apache Struts vulnerable to path traversalEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 5 months ago
Critical
Ecosystems: actions
Packages: tj-actions/branch-names
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS04djh3LXY4eGctNzlyZs4AA3lB
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code InjectionEcosystems: actions
Packages: tj-actions/branch-names
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS0zN3ZxLWhyMmYtZzdoN84AA3hx
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTLEcosystems: maven
Packages: org.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: io.github.microcks:microcks
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS1ncWoyLTMyNHAtdng3M84AA3hv
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/downloadEcosystems: maven
Packages: io.github.microcks:microcks
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.noear:solon
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 5 months ago
GSA_kwCzR0hTQS12d2dnLTJxODItMzhjNc4AA3hw
Solon is vulnerable to Deserialization of Untrusted DataEcosystems: maven
Packages: org.noear:solon
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.jupiter-rpc:jupiter-rpc
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 5 months ago
GSA_kwCzR0hTQS02cHF4LXY5ZzQtNWhjOM4AA3fC
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC requestEcosystems: maven
Packages: org.jupiter-rpc:jupiter-rpc
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 5 months ago
Critical
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS1mZzI5LTM3cHgtYzd3bc4AA3et
RuoYi vulnerable to SQL injection vulnerabilityEcosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS04cWZtLWg4cmgtaDNyN84AA3b4
PHPMemcachedAdmin Path Traversal vulnerabilityEcosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS03N2pnLWNwdzktNzN2Z84AA3bl
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerabilityEcosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS04djR3LWpyMzMtNHJoM84AA3bY
Apache Cocoon SQL Injection vulnerabilityEcosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 5 months ago
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escapeEcosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 5 months ago
Critical
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty tokenEcosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in MesheryEcosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 5 months ago
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command executionEcosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache SubmarineEcosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS04anByLWZmOTItaHBmOc4AA3RO
Run Shell Command allows Cross-Site Request ForgeryEcosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-diff-xml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS03cmZnLTYyNzMtZjV3cM4AA3RM
Cookies are sent to external images in rendered diff (and server side request forgery)Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-diff-xml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS04aGNyLTV4MmctOWY3as4AA3Qs
Deserialization of Untrusted Data in apache-submarineEcosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 5 months ago
GSA_kwCzR0hTQS1yY2pjLWM0cGoteHhycM4AA3Qr
Apache Derby: LDAP injection vulnerability in authenticatorEcosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS14NTYzLTZocXYtMjZtcs4AA3P0
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data fileEcosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 5 months ago
GSA_kwCzR0hTQS12MzJtLXBmOXEtcDN4Z84AA3PR
Liferay Portal XSS with `p_l_back_url_title` on edit content pageEcosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 5 months ago
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an accountEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 5 months ago
GSA_kwCzR0hTQS02Y3hyLThxM20tandycs4AA3Oe
Ray Missing Authorization vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 5 months ago
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 5 months ago
Critical
Ecosystems: maven
Packages: ai.h2o:h2o-core
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 5 months ago
GSA_kwCzR0hTQS02bXY4LTk1eDUteGNxOc4AA3OV
H2O local file inclusion vulnerabilityEcosystems: maven
Packages: ai.h2o:h2o-core
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the serverEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 5 months ago
GSA_kwCzR0hTQS1oM3hnLXd2NTgtNXA0M84AA3OI
Ray OS Command Injection vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 5 months ago
GSA_kwCzR0hTQS14cTU5LTdqZjMtcmpjNs4AA3C2
piccolo SQL Injection via named transaction savepointsEcosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 5 months ago
Critical
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS00amNoLThxcTUtaHFnNs4AA3CO
Froxlor Improper Input Validation vulnerabilityEcosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 5 months ago
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session TokensEcosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 5 months ago
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data fileEcosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS1qOXJjLXczd3YtZnY2Ms4AA2_R
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menuEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration, org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS02MnByLXFxZjctaGg4Oc4AA2_Q
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guestEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration, org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-display-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS1ybXh3LWM0OGgtMnZmNc4AA2-Y
XWiki Platform privilege escalation from script right to programming right through title displayerEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-display-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS1oZ3B3LTZwNGgtajZoNc4AA2-W
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF tokenEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentialsEcosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentialsEcosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 6 months ago
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerabilityEcosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.opencrx:opencrx-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1xNzRmLXJmMjctOGh4Y84AA2zZ
OpenCRX allows a remote attacker to execute arbitrary code via a crafted requestEcosystems: maven
Packages: org.opencrx:opencrx-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 6 months ago
GSA_kwCzR0hTQS1jcmc5LTQ0aDIteHczNc4AA2vl
Apache ActiveMQ is vulnerable to Remote Code ExecutionEcosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 6 months ago
Critical
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 6 months ago
GSA_kwCzR0hTQS14d2NxLXBtOG0tYzR2Zs4AA2sP
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standardEcosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 6 months ago
Critical
Ecosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
GSA_kwCzR0hTQS1tcGo4LXEzOXgtd3E1aM4AA2sN
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standardEcosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS05M2doLWpnamotcjkyOc4AA2sM
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pagesEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1xY2o5LWdjcGctNHcyd84AA2sL
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabledEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1naGY2LTJmNDItbWpoOc4AA2sK
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's titleEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1ncjgyLThmajItZ2djM84AA2sJ
XWiki Platform XSS vulnerability from account in the create page form via template providerEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-office-importer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS12Y3ZyLXY0MjYtM20zbc4AA2sI
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converterEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-office-importer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.rendering:xwiki-rendering-xml
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 6 months ago
GSA_kwCzR0hTQS02NjN3LTJ4cDMtNTczOc4AA2sD
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerabilityEcosystems: maven
Packages: org.xwiki.rendering:xwiki-rendering-xml
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 6 months ago
Critical
Ecosystems: maven
Packages: cn.dev33:sa-token-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 6 months ago
GSA_kwCzR0hTQS01NGY2LTlteDktODZmN84AA2pn
SaToken privilege escalation vulnerabilityEcosystems: maven
Packages: cn.dev33:sa-token-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 6 months ago
Critical
Ecosystems: maven
Packages: com.usthe.sureness:sureness-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 6 months ago
GSA_kwCzR0hTQS0zajJmLTU4cnEtZzZwN84AA2o5
Sureness uses hardcoded keyEcosystems: maven
Packages: com.usthe.sureness:sureness-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 6 months ago
GSA_kwCzR0hTQS04aDV3LWY2cTktd2czNc4AA2mm
Langchain SQL Injection vulnerabilityEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago
GSA_kwCzR0hTQS1wcWdtLTlnODItd2NtN84AA2mf
modoboa Cross-site Scripting vulnerabilityEcosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS00M2Z3LTUzNmotdzM3as4AA2kO
Yamcs API Directory Traversal vulnerabilityEcosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS03cDkyLXg0MjMtdndqNs4AA2gZ
Plonk verifier KZG multi point verificationEcosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1yYzR2LTk5Y3ItcGpjbc4AA2gY
Prototype Pollution in ali-security/mongooseEcosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: maven
Packages: com.xwiki.identity-oauth:identity-oauth-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1oMnJtLTI5Y2gtd2ZtaM4AA2gS
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameterEcosystems: maven
Packages: com.xwiki.identity-oauth:identity-oauth-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Statistics
Advisories: 17,470
Packages: 8,115
Repositories: 1,243
Ecosystems: 12
Packages: 8,115
Repositories: 1,243
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
magento/community-edition
27
com.fasterxml.jackson.core:jackson-databind
24
net.mingsoft:ms-mcms
18
org.jenkins-ci.main:jenkins-core
18
com.liferay.portal:release.portal.bom
13
mlflow
12
langchain
12
com.liferay.portal:release.dxp.bom
12
org.apache.dubbo:dubbo
12
org.apache.struts:struts2-core
11
magento/core
11
vm2
10
apache-airflow
10
org.xwiki.platform:xwiki-platform-oldcore
9
tensorflow
9
topthink/framework
9
funadmin/funadmin
9
shopware/platform
8
org.jeecgframework.boot:jeecg-boot-common
8
rdiffweb
8
org.xwiki.platform:xwiki-platform-web-templates
8
paddlepaddle
8
tensorflow-cpu
8
tensorflow-gpu
8
moodle/moodle
8
ansible
7
rusqlite
7
gogs.io/gogs
7
dolibarr/dolibarr
7
studio-42/elfinder
7
org.xwiki.platform:xwiki-platform-administration-ui
7
sequelize
7
symfony/symfony
6
github.com/argoproj/argo-cd
6
drupal/core
6
github.com/answerdev/answer
6
thorsten/phpmyfaq
6
aaptjs
6
parse-server
6
froxlor/froxlor
5
org.apache.activemq:activemq-client
5
org.jeecgframework.boot:jeecg-boot-parent
5
org.xwiki.commons:xwiki-commons-xml
5
steal
5
org.apache.shiro:shiro-core
5
org.apache.tomcat.embed:tomcat-embed-core
5
org.jenkins-ci.plugins:script-security
5
Pillow
5
ezsystems/ezpublish-kernel
5
org.xwiki.platform:xwiki-platform-web
5
org.apache.inlong:manager-pojo
5
Microsoft.ChakraCore
5
nodebb
5
shopware/core
5
ckb
5
centreon/centreon
5
safe-eval
5
Django
4
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
4
org.apache.kylin:kylin-server-base
4
baserproject/basercms
4
apache-airflow-providers-apache-hive
4
org.cloudfoundry.identity:cloudfoundry-identity-server
4
swagger-ui
4
github.com/hashicorp/vault
4
spree_auth_devise
4
org.eclipse.jetty:jetty-server
4
github.com/usememos/memos
4
realms-shim
4
openssl-src
4
org.apache.tapestry:tapestry-core
4
smallvec
4
django
4
feehi/cms
4
safer-eval
4
net.opentsdb:opentsdb
4
org.apache.openmeetings:openmeetings-parent
4
zendframework/zendframework
4
calibreweb
4
phpmyadmin/phpmyadmin
4
PaddlePaddle
4
prestashop/prestashop
4
github.com/argoproj/argo-cd/v2
4
org.jeecgframework.boot:jeecg-boot-base-core
4
org.apache.inlong:manager-service
4
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
4
hermes-engine
4
messagepack-rs
4
feathers-sequelize
3
com.alibaba:dubbo
3
ibexa/core
3
handlebars
3
ro.pippo:pippo-core
3
nvflare
3
cobbler
3
edu.stanford.nlp:stanford-corenlp
3
francoisjacquet/rosariosis
3
facade/ignition
3
github.com/hashicorp/nomad
3
org.richfaces:richfaces-core
3
org.keycloak:keycloak-core
3
org.apache.ozone:ozone-main
3
dompdf/dompdf
3
org.apache.storm:storm
3
io.undertow:undertow-core
3
org.apache.solr:solr-parent
3
org.apache.dolphinscheduler:dolphinscheduler
3
ray
3
jsrsasign
3
io.dataease:dataease-plugin-common
3
tribalsystems/zenario
3
org.apache.inlong:manager-web
3
org.xwiki.platform:xwiki-platform-search-ui
3
code.gitea.io/gitea
3
org.apache.ignite:ignite-core
3
showdoc/showdoc
3
@openzeppelin/contracts-upgradeable
3
org.apache.any23:apache-any23
3
typo3/cms
3
github.com/pterodactyl/wings
3
org.jenkins-ci.plugins.workflow:workflow-cps
3
org.apache.logging.log4j:log4j-core
3
github.com/dexidp/dex
3
org.apache.jmeter:ApacheJMeter
3
log4j:log4j
3
org.zenframework.z8.dependencies.commons:log4j-1.2.17
3
impresscms/impresscms
3
org.apache.linkis:linkis
3
id-map
3
modoboa
3
phpmailer/phpmailer
3
com.hazelcast:hazelcast
3
rubygems-update
3
pyload-ng
3
nokogiri
3
org.jenkins-ci.plugins:active-directory
3
slp-validate
3
librenms/librenms
3
actix-web
3
org.jeecgframework.boot:jeecg-boot-base
3
org.xwiki.platform:xwiki-platform-panels-ui
3
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
3
pimcore/pimcore
3
org.apache.hadoop:hadoop-common
3
com.jflyfox:jflyfox_jfinal
3
org.apache.solr:solr-core
3
craftcms/cms
3
org.springframework.security:spring-security-core
3
xcb
3
publify_core
3
slpjs
3
org.xwiki.platform:xwiki-platform-icon-ui
3
drupal/drupal
3
ezsystems/ezplatform-kernel
3
strapi
3
puma
2
com.sap.cloud.security:spring-security
2
codeigniter/framework
2
org.keycloak:keycloak-parent
2
smarty/smarty
2
org.apache.shenyu:shenyu-common
2
pandasai
2
org.folio:mod-data-export-spring
2
org.xwiki.platform:xwiki-platform-scheduler-ui
2
activerecord
2
pyyaml
2
org.apache.ranger:ranger
2
github.com/rancher/rancher
2
org.keycloak:keycloak-services
2
github.com/russellhaering/gosaml2
2
org.apache.pulsar:pulsar
2
com.sap.cloud.security:java-security
2
com.hazelcast.jet:hazelcast-jet
2
deno
2
org.apache.flume.flume-ng-sources:flume-jms-source
2
ctx
2
facturascripts/facturascripts
2
reportlab
2
github.com/moby/buildkit
2
llama-index
2
shell-quote
2
org.apache.xmlrpc:xmlrpc
2
org.apache.dubbo:dubbo-parent
2
@keystone-6/core
2
llhttp
2
wwbn/avideo
2
tenvoy
2
com.sap.cloud.security.xsuaa:spring-xsuaa
2
nilsteampassnet/teampass
2
stack_dst
2
org.apache.cassandra:cassandra-all
2
github.com/grafana/grafana
2
cn.hutool:hutool-all
2
elefant/cms
2
url-parse
2
gerapy
2
xmlhttprequest-ssl
2
js-data
2
typo3/phar-stream-wrapper
2
@sequelize/core
2
Filter by Repository
https://github.com/xwiki/xwiki-platform
81
https://github.com/FasterXML/jackson-databind
24
https://github.com/jenkinsci/jenkins
17
https://github.com/apache/airflow
14
https://github.com/mlflow/mlflow
11
https://github.com/PaddlePaddle/Paddle
11
https://github.com/ming-soft/MCMS
10
https://github.com/patriksimek/vm2
10
https://github.com/funadmin/funadmin
9
https://github.com/jeecgboot/jeecg-boot
9
https://github.com/tensorflow/tensorflow
9
https://github.com/langchain-ai/langchain
8
https://github.com/django/django
8
https://github.com/magento/magento2
8
https://github.com/apache/inlong
8
https://github.com/ikus060/rdiffweb
8
https://github.com/python-pillow/Pillow
7
https://github.com/top-think/framework
7
https://github.com/argoproj/argo-cd
7
https://github.com/apache/struts
7
https://github.com/gogs/gogs
7
https://github.com/Studio-42/elFinder
7
https://github.com/ansible/ansible
7
https://github.com/sequelize/sequelize
7
https://github.com/rusqlite/rusqlite
7
https://github.com/xwiki/xwiki-commons
6
https://github.com/thorsten/phpmyfaq
6
https://github.com/answerdev/answer
6
https://github.com/shopware/platform
6
https://github.com/shenzhim/aaptjs
6
https://github.com/parse-community/parse-server
6
https://github.com/apache/tomcat
5
https://github.com/symfony/symfony
5
https://github.com/solidusio/solidus_auth_devise
5
https://github.com/nervosnetwork/ckb
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/moodle/moodle
5
https://github.com/apache/activemq
5
https://github.com/NodeBB/NodeBB
5
https://github.com/froxlor/froxlor
5
https://github.com/keycloak/keycloak
5
https://github.com/stealjs/steal
5
https://github.com/go-gitea/gitea
5
https://github.com/cloudfoundry/uaa
4
https://github.com/liufee/cms
4
https://github.com/dromara/hutool
4
https://github.com/spring-projects/spring-framework
4
https://github.com/janeczku/calibre-web
4
https://github.com/hwchase17/langchain
4
https://github.com/PrestaShop/PrestaShop
4
https://github.com/swagger-api/swagger-ui
4
https://github.com/usememos/memos
4
https://github.com/ezsystems/ezpublish-kernel
4
https://github.com/dompdf/dompdf
4
https://github.com/OpenTSDB/opentsdb
4
https://github.com/CVEProject/cvelist
4
https://github.com/otake84/messagepack-rs
4
https://github.com/servo/rust-smallvec
4
https://github.com/pippo-java/pippo
4
https://github.com/octobercms/october
3
https://github.com/mbechler/marshalsec
3
https://github.com/pyload/pyload
3
https://github.com/kjur/jsrsasign
3
https://github.com/modoboa/modoboa
3
https://github.com/rubygems/rubygems.org
3
https://github.com/twisted/twisted
3
https://github.com/denoland/deno
3
https://github.com/simpleledger/slpjs
3
https://github.com/actix/actix-web
3
https://github.com/rubygems/rubygems
3
https://github.com/PHPMailer/PHPMailer
3
https://github.com/cobbler/cobbler
3
https://github.com/dwisiswant0/advisory
3
https://github.com/facade/ignition
3
https://github.com/baserproject/basercms
3
https://github.com/apache/shiro
3
https://github.com/centreon/centreon-archived
3
https://github.com/pterodactyl/wings
3
https://github.com/shopware/shopware
3
https://github.com/opencast/opencast
3
https://github.com/dataease/dataease
3
https://github.com/ibexa/core
3
https://github.com/andrewhickman/id-map
3
https://github.com/pimcore/pimcore
3
https://github.com/LetianYuan/My-CVE-Public-References
3
https://github.com/rancher/rancher
3
https://github.com/craftcms/cms
3
https://github.com/Dolibarr/dolibarr
3
https://github.com/NVIDIA/NVFlare
3
https://github.com/ezsystems/ezplatform-kernel
3
https://github.com/star7th/showdoc
3
https://github.com/ImpressCMS/impresscms
3
https://github.com/publify/publify
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/crewjam/saml
3
https://github.com/github/securitylab
3
https://github.com/neorazorx/facturascripts
3
https://github.com/facebook/hermes
3
https://github.com/hazelcast/hazelcast
3
https://github.com/dexidp/dex
3
https://github.com/apache/camel
3
https://github.com/strapi/strapi
3
https://github.com/chakra-core/ChakraCore
3
https://github.com/jflyfox/jfinal_cms
3
https://github.com/run-llama/llama_index
3
https://github.com/TribalSystems/Zenario
2
https://github.com/russellhaering/gosaml2
2
https://github.com/apache/kylin
2
https://github.com/rest-client/rest-client
2
https://github.com/jbroadway/elefant
2
https://github.com/SAP/cloud-pysec
2
https://github.com/nats-io/jwt
2
https://github.com/top-think/thinkphp
2
https://github.com/getgrav/grav
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/javamelody/javamelody
2
https://github.com/ADOdb/ADOdb
2
https://github.com/IceWhaleTech/CasaOS
2
https://github.com/josdejong/mathjs
2
https://github.com/apache/jmeter
2
https://github.com/rust-lang-nursery/failure
2
https://github.com/ionicabizau/parse-url
2
https://github.com/hashicorp/vault
2
https://github.com/handlebars-lang/handlebars.js
2
https://github.com/keystonejs/keystone
2
https://github.com/noear/solon
2
https://github.com/h2database/h2database
2
https://github.com/netvl/acc_reader
2
https://github.com/nodejs/llhttp
2
https://github.com/rubyzip/rubyzip
2
https://github.com/jfinal/jfinal
2
https://github.com/jmrozanec/cron-utils
2
https://github.com/gventuri/pandas-ai
2
https://github.com/google/flatbuffers
2
https://github.com/OpenAPITools/openapi-generator
2
https://github.com/benbusby/whoogle-search
2
https://github.com/sjep/array
2
https://github.com/pytorch/serve
2
https://github.com/SAP/cloud-security-client-go
2
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
2
https://github.com/gofiber/fiber
2
https://github.com/dfinity/agent-js
2
https://github.com/jaw187/node-traceroute
2
https://github.com/WWBN/AVideo
2
https://github.com/line/armeria
2
https://github.com/soketi/soketi
2
https://github.com/yaml/pyyaml
2
https://github.com/jenkinsci/script-security-plugin
2
https://github.com/totaljs/framework
2
https://github.com/HtmlUnit/htmlunit
2
https://github.com/jenkinsci/semantic-versioning-plugin
2
https://github.com/stanfordnlp/corenlp
2
https://github.com/ahdinosaur/set-in
2
https://github.com/web2py/web2py
2
https://github.com/mautic/mautic
2
https://github.com/kubernetes/kubernetes
2
https://github.com/js-data/js-data
2
https://github.com/Microsoft/ChakraCore
2
https://github.com/puma/puma
2
https://github.com/ibexa/admin-ui
2
https://github.com/beego/beego
2
https://github.com/MrSwitch/hello.js
2
https://github.com/evmos/evmos
2
https://github.com/http4s/http4s
2
https://github.com/dominictarr/libnested
2
https://github.com/moby/buildkit
2
https://github.com/fluxcd/flux2
2
https://github.com/neo4j-contrib/neo4j-apoc-procedures
2
https://github.com/unshiftio/url-parse
2
https://github.com/OpenZeppelin/openzeppelin-contracts
2
https://github.com/cockpit-hq/cockpit
2
https://github.com/markevans/dragonfly
2
https://github.com/gnzlbg/slice_deque
2
https://gitlab.com/francoisjacquet/rosariosis
2
https://github.com/sparklemotion/nokogiri
2
https://github.com/nilsteampassnet/teampass
2
https://github.com/omrilotan/async-git
2
https://github.com/apache/dolphinscheduler
2
https://github.com/apache/karaf
2
https://github.com/kujirahand/nadesiko3
2
https://github.com/vert-x3/vertx-web
2
https://github.com/TYPO3/phar-stream-wrapper
2
https://github.com/hashicorp/nomad
2
https://github.com/smarty-php/smarty
2
https://github.com/openstack/python-keystoneclient
2
https://github.com/reem/rust-traitobject
2
https://github.com/Agoric/realms-shim
2
https://github.com/git-lfs/git-lfs
2
https://github.com/TogaTech/tEnvoy
2
https://github.com/OpenMage/magento-lts
2
https://github.com/rust-random/rand
2
https://github.com/xwiki/xwiki-rendering
2
https://github.com/apache/flume
2
https://github.com/skoranga/node-dns-sync
2
https://github.com/actix/actix-net
2
https://github.com/SAP/cloud-security-services-integration-library
2
https://github.com/commenthol/safer-eval
2
https://github.com/vyperlang/vyper
2
https://github.com/quarkusio/quarkus
2